We have the Kyocera KM-4035 network printer/scanner. Beautiful machine, it can copy, print and scan. It accepts print jobs from the network, and it can send scanned pictures as PDF to your mailbox.

Well, most of the time. Sometimes it refuses to send emails. Why?

To scan, you need to press the scan button. And sometimes, it just says "SMTP server could not be found". Very annoying. Even more annoying, the problem was not easily reproducible, so it was very hard to figure out.

To make a long story short, the problem lies in the DNS request of the scanner:

At offset 0x001c the DNS header starts: 0x4b6f (=19311) for the
identification, 0x0000 for the flags, 0x0001/0x0000/0x0000/0x0000
for the number of questions/answers/authority/additional resource
records, and then the question: who knows the A record for smtp.banco.net.au.

The DNS server for that LAN, at 10.200.5.1, is a caching-only forwarding name server. It knows where to ask on behalf of others, but it isn't authoritative for any domains itself. It will answer questions whose answers are cached, and questions which have the RD (Recursion Desired) flag set. The RD flag is normally set in DNS requests from simple clients (PCs, network equipment etc). If the RD flag is not set, it indicates that the device asking the question (most likely a DNS server) is smart enough to know how to handle answers with referrals.

So the scanner sends a question without the RD flag.

If the name smtp.banco.net.au is known in the cache of the nameserver, it will return it (this is the "sometimes the scanner works"):

If the name smtp.banco.net.au is not known in the cache of the nameserver, it will return a list of servers where the information can be found:

12:51:51.747207 10.200.5.1.53 > 10.200.5.11.1024: 27028 0/13/13 (454)
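An added example (not from the original post or from Kyocera): a header-only Python check that tells the scanner's query without RD apart from a normal client query, and recognises a referral-shaped reply like the one in the tcpdump line above. The function names and the reply flags value 0x8080 are assumptions; the query ID, flags and record counts are the ones quoted in this post.

```python
import struct

RD, QR = 0x0100, 0x8000   # Recursion Desired and Query/Response bits

def build_query(qid, name, rd):
    """Build an A/IN query for name; rd selects whether the RD bit is set."""
    header = struct.pack("!6H", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "rd": bool(flags & RD),
            "rcode": flags & 0x000F, "qd": qd, "an": an, "ns": ns, "ar": ar}

def classify(msg):
    """Label a message by header fields only.

    A reply with no answers but authority records is treated as a referral;
    a NODATA reply has the same header shape, so telling the two apart
    would require parsing the authority section (NS vs SOA).
    """
    h = parse_header(msg)
    if not h["qr"]:
        return "recursive query" if h["rd"] else "non-recursive query"
    if h["rcode"] == 0 and h["an"] == 0 and h["ns"] > 0:
        return "referral"
    return "answer" if h["an"] > 0 else "other response"

# The scanner's question as described in the post: ID 0x4b6f, flags 0x0000.
SCANNER_QUERY = build_query(0x4B6F, "smtp.banco.net.au", rd=False)
# What an ordinary stub resolver would send for the same name.
CLIENT_QUERY = build_query(0x4B6F, "smtp.banco.net.au", rd=True)
# Constructed reply header matching the counts in the tcpdump line
# (ID 27028, 0 answers / 13 authority / 13 additional); flags are assumed.
REFERRAL_HEADER = struct.pack("!6H", 27028, 0x8080, 1, 0, 13, 13)

if __name__ == "__main__":
    for label, msg in [("scanner", SCANNER_QUERY), ("client", CLIENT_QUERY),
                       ("server reply", REFERRAL_HEADER)]:
        print(f"{label:13s} {classify(msg)}")
```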

How can it be resolved?

Long term solution: The scanner should set the RD flag in the question. It has shown that it is not capable of working out for itself what to do with a referral answer, so it should let the DNS server do this. Tell Kyocera about this problem and let them release new firmware.

Short term solution: We point the scanner to our main DNS servers, which are authoritative for these domains and thus can always answer the question of where smtp.banco.net.au lives.